Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Add inter-boundary-communication-has-direction constraint #950

Open
wants to merge 10 commits into
base: develop
Choose a base branch
from
Open

Add inter-boundary-communication-has-direction constraint #950

wants to merge 10 commits into from
+107 −35

Conversation

DimitriZhurkin
Copy link

@DimitriZhurkin DimitriZhurkin commented Dec 2, 2024
edited
Loading

Committer Notes

Add the inter-boundary-communication-has-direction constraint, which tests the following scenario:
Every inter-boundary communication component has at least one network traffic direction property, with no more than one incoming and no more than one outgoing traffic direction property.

Related issue: #930.

All Submissions:

By submitting a pull request, you are agreeing to provide this contribution under the CC0 1.0 Universal public domain dedication.

@DimitriZhurkin DimitriZhurkin requested a review from a team as a code owner December 2, 2024 21:53
brian-ruf
brian-ruf reviewed Dec 2, 2024
View reviewed changes
src/validations/constraints/content/ssp-all-VALID.xml
<component uuid="66666666-0000-4000-9000-000000000006" type="interconnection">
<title>External API Connection</title>
<description>
<p>Secure connection to an external API for data enrichment.</p>
</description>
<prop name="interconnection-security" value="vpn" ns="https://fedramp.gov/ns/oscal"/>
<prop name="interconnection-direction" value="in/out" ns="https://fedramp.gov/ns/oscal"/>
<prop name="direction" value="incoming" ns="https://fedramp.gov/ns/oscal"/>
Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

the "direction" property is core OSCAL. Please drop the @ns

Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

OK re this feedback and #938 (comment), we are putting in the new core direction and connection-security and will eventually drop those with prefixed with interconnection-?

Copy link
Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

the "direction" property is core OSCAL. Please drop the @ns

I'm keeping the FedRAMP namespace until the core OSCAL changes are implemented. Otherwise, the constraint fails.

@DimitriZhurkin DimitriZhurkin force-pushed the add-inter-boundary-communication-has-direction branch from 3b3415d to a068aba Compare December 3, 2024 17:33
@DimitriZhurkin DimitriZhurkin self-assigned this Dec 3, 2024
@Gabeblis Gabeblis linked an issue Dec 3, 2024 that may be closed by this pull request
Components representing inter-boundary communication need to declare the direction of data flow #930
Open
14 tasks
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@aj-stein-gsa aj-stein-gsa aj-stein-gsa left review comments

@brian-ruf brian-ruf brian-ruf left review comments

@Gabeblis Gabeblis Gabeblis approved these changes

At least 2 approving reviews are required to merge this pull request.

Assignees

@DimitriZhurkin DimitriZhurkin

Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

Components representing inter-boundary communication need to declare the direction of data flow
4 participants
@DimitriZhurkin @brian-ruf @Gabeblis @aj-stein-gsa